Threat Intelligence Blog

Snapchat Photo Leak Shines a Light on Vulnerable Third-Party Apps

Posted October 24, 2014

After a massive photo leak dubbed “The Snappening” exposed an estimated 200,000 images from Snapchat users, the company took to Twitter and their blog to make something clear: the attack was carried out against a third-party app, not Snapchat itself.

Whether or not Snapchat is ultimately responsible for the leak is up for debate, but it is clear that third-party apps pose significant risks, even if they are not designed for malicious purposes.

So how can a company mitigate the risks posed by third-party apps? One approach is to educate users. On their official blog, Team Snapchat writes:

“When you give your login credentials to a third-party application, you’re allowing a developer, and possibly a criminal, to access your account information and send information on your behalf… We’ll continue to do our part by improving Snapchat’s security and calling on Apple and Google to take down third-party applications that access our API. You can help us out by avoiding the use of third-party applications.”

Another critical strategy is to maintain an awareness of potentially harmful or vulnerable third-party apps available in online marketplaces. Monitoring the official Google and Apple marketplaces is a good start, but there are hundreds of other app stores online, and most are unregulated. A comprehensive mobile application monitoring solution can help address this challenge.

Third-party apps often look exactly like the official apps, but they can be out of date, they can be missing important security updates, or as in the case of the app linked to Snapchat, they can be tied to a back-end that is vulnerable to cyber attacks.